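Setting up a private NTP server (using Chrony)

As mentioned in other posts, do not use a Microsoft Windows Server as your NTP server. It will cause you a great deal of trouble.

There are already plenty of articles online about how to install ntp/chrony on CentOS 7. They explain it very clearly and the whole procedure takes only a few minutes, so... either use a good external NTP server directly, or build one yourself (because of layers of blocking policies).

Using Chrony as the example:

Install Chrony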
# yum install -y chrony

Open the firewall for NTP, or turn the firewall off
# firewall-cmd --add-service=ntp --permanent && firewall-cmd --add-service=ntp
or
# systemctl stop firewalld.service && systemctl disable firewalld.service

Change /etc/chrony.conf to the following:
I use time.google.com here.
Add the allowed RFC1918 private IP addresses
Turn off RTC (rtcsync)

 # Use public servers from the pool.ntp.org project.
 # Please consider joining the pool (http://www.pool.ntp.org/join.html).
 server time.google.com iburst
 # Record the rate at which the system clock gains/losses time.
 driftfile /var/lib/chrony/drift
 # Allow the system clock to be stepped in the first three updates
 # if its offset is larger than 1 second.
 makestep 1.0 3
 # Enable kernel synchronization of the real-time clock (RTC).
 # (commented out: RTC sync is turned off)
 #rtcsync
 # Enable hardware timestamping on all interfaces that support it.
 hwtimestamp *
 # Increase the minimum number of selectable sources required to adjust
 # the system clock.
 # (commented out: only one server is configured above, so requiring two
 # sources would stop the clock from ever being adjusted)
 #minsources 2
 # Allow NTP client access from local network (RFC1918 ranges only).
 allow 192.168.0.0/16
 allow 172.16.0.0/12
 allow 10.0.0.0/8
 # Serve time even if not synchronized to a time source.
 local stratum 10
 # Specify file containing keys for NTP authentication.
 keyfile /etc/chrony.keys
 # Specify directory for log files.
 logdir /var/log/chrony
 # Select which information is logged.
 log measurements statistics tracking
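
A check for the allow lines, as an added example that is not part of the original post: it reads chrony.conf text and flags every active allow directive that is not inside an RFC1918 block (for instance 172.0.0.0/8, which reaches far beyond 172.16.0.0/12). The sample config and the function names are constructed for illustration.

```python
import ipaddress

# The three RFC1918 private blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample, not the page's file; line 3 is deliberately too broad.
SAMPLE_CONF = """\
# Allow NTP client access from local network.
allow 192.168.0.0/16
allow 172.0.0.0/8
allow 172.16.0.0/12
allow 10.0.0.0/8
#allow 203.0.113.0/24
allow
"""

def classify(subnet):
    """Classify one allow argument (None means a bare 'allow')."""
    if subnet is None:
        return "open-to-all"          # bare allow: every client may query
    try:
        net = ipaddress.ip_network(subnet, strict=False)
    except ValueError:
        return "review-manually"      # hostname or chrony's short form (e.g. 10.1)
    if net.version == 4 and any(net.subnet_of(p) for p in RFC1918):
        return "rfc1918"
    return "not-rfc1918"

def audit_allow(conf_text):
    """Return (line number, subnet, verdict) for each active allow directive."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        # chrony treats lines starting with ! ; # % as comments.
        if not line or line[0] in "!;#%":
            continue
        words = line.split()
        if words[0].lower() != "allow":
            continue
        args = [w for w in words[1:] if w.lower() != "all"]
        subnet = args[0] if args else None
        findings.append((lineno, subnet, classify(subnet)))
    return findings

if __name__ == "__main__":
    for lineno, subnet, verdict in audit_allow(SAMPLE_CONF):
        print(f"line {lineno}: allow {subnet or '(everything)'} -> {verdict}")
```

To audit a real host, pass the contents of /etc/chrony.conf to audit_allow() instead of the sample.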

Commonly used chrony troubleshooting commands

# chronyc tracking  
# chronyc sources -v
# chronyc sourcestats -v
# systemctl status chronyd
